1cdc3a89d5de90b2299c56f4a46c3de590c5184d1Ted Kremenek// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-checker=core,alpha.unix,alpha.security.ArrayBound -analyzer-store=region -verify %s 23ed04d37573c566205d965d2e91d54ccae898d0aZhongxing Xu 33ed04d37573c566205d965d2e91d54ccae898d0aZhongxing Xutypedef __typeof(sizeof(int)) size_t; 43ed04d37573c566205d965d2e91d54ccae898d0aZhongxing Xuvoid *malloc(size_t); 5a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xuvoid *calloc(size_t, size_t); 620f0178a232029bea7f34adecb6e5bdd6fada483Zhongxing Xu 720f0178a232029bea7f34adecb6e5bdd6fada483Zhongxing Xuchar f1() { 820f0178a232029bea7f34adecb6e5bdd6fada483Zhongxing Xu char* s = "abcd"; 9f9e96843e8a0afd0d5f58ba224fb8d57cba8effaTed Kremenek char c = s[4]; // no-warning 1058e689fead1490611bcd114fb707bfc08a12049eZhongxing Xu return s[5] + c; // expected-warning{{Access out-of-bound array element (buffer overflow)}} 1120f0178a232029bea7f34adecb6e5bdd6fada483Zhongxing Xu} 123ed04d37573c566205d965d2e91d54ccae898d0aZhongxing Xu 133ed04d37573c566205d965d2e91d54ccae898d0aZhongxing Xuvoid f2() { 143ed04d37573c566205d965d2e91d54ccae898d0aZhongxing Xu int *p = malloc(12); 153ed04d37573c566205d965d2e91d54ccae898d0aZhongxing Xu p[3] = 4; // expected-warning{{Access out-of-bound array element (buffer overflow)}} 163ed04d37573c566205d965d2e91d54ccae898d0aZhongxing Xu} 179618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu 189618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xustruct three_words { 199618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu int c[3]; 209618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu}; 219618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu 229618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xustruct seven_words { 239618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu int c[7]; 249618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu}; 259618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu 269618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xuvoid f3() { 279618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu struct three_words a, *p; 289618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu p = &a; 299618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu p[0] = a; // no-warning 309618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu p[1] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} 319618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu} 329618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu 339618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xuvoid f4() { 349618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu struct seven_words c; 359618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu struct three_words a, *p = (struct three_words *)&c; 369618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu p[0] = a; // no-warning 379618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu p[1] = a; // no-warning 389618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu p[2] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} 399618b858e2b4f79aa2b8b0291e9c833cee0435f8Zhongxing Xu} 40a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu 41a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xuvoid f5() { 42a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu char *p = calloc(2,2); 43a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu p[3] = '.'; // no-warning 44a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu p[4] = '!'; // expected-warning{{out-of-bound}} 45a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu} 464d912b24b393fe6b7422e5502f3a330cbdc5c6b7Jordy Rose 474d912b24b393fe6b7422e5502f3a330cbdc5c6b7Jordy Rosevoid f6() { 484d912b24b393fe6b7422e5502f3a330cbdc5c6b7Jordy Rose char a[2]; 494d912b24b393fe6b7422e5502f3a330cbdc5c6b7Jordy Rose int *b = (int*)a; 504d912b24b393fe6b7422e5502f3a330cbdc5c6b7Jordy Rose b[1] = 3; // expected-warning{{out-of-bound}} 514d912b24b393fe6b7422e5502f3a330cbdc5c6b7Jordy Rose} 5232f2656b90900ac04c4b50e87c16749d0ceb9ef2Jordy Rose 5332f2656b90900ac04c4b50e87c16749d0ceb9ef2Jordy Rosevoid f7() { 5432f2656b90900ac04c4b50e87c16749d0ceb9ef2Jordy Rose struct three_words a; 5532f2656b90900ac04c4b50e87c16749d0ceb9ef2Jordy Rose a.c[3] = 1; // expected-warning{{out-of-bound}} 5632f2656b90900ac04c4b50e87c16749d0ceb9ef2Jordy Rose} 5752e04c537633377fb14cfa4fa3c95e3e510fc942Jordy Rose 5852e04c537633377fb14cfa4fa3c95e3e510fc942Jordy Rosevoid vla(int a) { 5952e04c537633377fb14cfa4fa3c95e3e510fc942Jordy Rose if (a == 5) { 6052e04c537633377fb14cfa4fa3c95e3e510fc942Jordy Rose int x[a]; 6152e04c537633377fb14cfa4fa3c95e3e510fc942Jordy Rose x[4] = 4; // no-warning 6252e04c537633377fb14cfa4fa3c95e3e510fc942Jordy Rose x[5] = 5; // expected-warning{{out-of-bound}} 6352e04c537633377fb14cfa4fa3c95e3e510fc942Jordy Rose } 6452e04c537633377fb14cfa4fa3c95e3e510fc942Jordy Rose} 65b7e3aabf8f0fe4210d6a0aaec8a2b5770cab9186Jordy Rose 668556cc44af71f6147e1a821489b56f35acadea3fJordy Rosevoid alloca_region(int a) { 678556cc44af71f6147e1a821489b56f35acadea3fJordy Rose if (a == 5) { 688556cc44af71f6147e1a821489b56f35acadea3fJordy Rose char *x = __builtin_alloca(a); 698556cc44af71f6147e1a821489b56f35acadea3fJordy Rose x[4] = 4; // no-warning 708556cc44af71f6147e1a821489b56f35acadea3fJordy Rose x[5] = 5; // expected-warning{{out-of-bound}} 718556cc44af71f6147e1a821489b56f35acadea3fJordy Rose } 728556cc44af71f6147e1a821489b56f35acadea3fJordy Rose} 73e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose 74e701117b21356d3c60133315b5bdd50232ec6ccaJordy Roseint symbolic_index(int a) { 75e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose int x[2] = {1, 2}; 76e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose if (a == 2) { 77e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose return x[a]; // expected-warning{{out-of-bound}} 78e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose } 79e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose return 0; 80e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose} 81e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose 82e701117b21356d3c60133315b5bdd50232ec6ccaJordy Roseint symbolic_index2(int a) { 83e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose int x[2] = {1, 2}; 84e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose if (a < 0) { 85e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose return x[a]; // expected-warning{{out-of-bound}} 86e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose } 87e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose return 0; 88e701117b21356d3c60133315b5bdd50232ec6ccaJordy Rose} 8972b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks 9072b74aab5191cb103bce90e62b824e4baacc6950Anna Zaksint overflow_binary_search(double in) { 9172b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks int eee = 16; 9272b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks if (in < 1e-8 || in > 1e23) { 9372b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks return 0; 9472b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } else { 9572b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks static const double ins[] = {1e-8, 1e-7, 1e-6, 1e-5, 1e-4, 1e-3, 1e-2, 1e-1, 9672b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks 1e0, 1e1, 1e2, 1e3, 1e4, 1e5, 1e6, 1e7, 9772b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks 1e8, 1e9, 1e10, 1e11, 1e12, 1e13, 1e14, 1e15, 9872b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks 1e16, 1e17, 1e18, 1e19, 1e20, 1e21, 1e22}; 9972b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks if (in < ins[eee]) { 10072b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee -= 8; 10172b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } else { 10272b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee += 8; 10372b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } 10472b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks if (in < ins[eee]) { 10572b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee -= 4; 10672b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } else { 10772b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee += 4; 10872b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } 10972b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks if (in < ins[eee]) { 11072b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee -= 2; 11172b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } else { 11272b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee += 2; 11372b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } 11472b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks if (in < ins[eee]) { 11572b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee -= 1; 11672b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } else { 11772b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee += 1; 11872b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } 11972b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks if (in < ins[eee]) { // expected-warning {{Access out-of-bound array element (buffer overflow)}} 12072b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks eee -= 1; 12172b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } 12272b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks } 12372b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks return eee; 12472b74aab5191cb103bce90e62b824e4baacc6950Anna Zaks} 125